JP2005327189A - Server, authentication exchange system, request relaying method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication exchange system, a server therefor, and a request relaying method, which can be suitably applicable between networks having cooperative and fiduciary relations. <P>SOLUTION: A user terminal 10 transmits a request including discrimination information of a user to a first authentication exchange server together with authentication information peculiar to the user. The first authentication exchange server inquires of a first authentication server about validity of the user and transmits the request to a second authentication management server for managing an objective host when the validity of the user is confirmed. At this time, the first authentication exchange server changes the discrimination information of the user included in the request to discrimination information of a network. A second authentication exchange server controls performance of the request to the objective host on the basis of the discrimination information of the network and control information preliminarily set on the basis of a fiduciary relation. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an authentication exchange system that uses an authentication result already received by a user between networks that require authentication processing separately, a server therefor, and a request relay method.

  In some cases, members of other organizations that have a trust / collaboration relationship, such as corporate groups, school corporation groups, and government office groups, may want to be allowed to use resources on the network. In this case, the authentication process is not performed at all, or a guest account is set and approved for use, or the user registers personal information etc. and issues authority on each network. In recent years, there has been proposed a method for providing a single sign-on function by providing an authentication state management server for centrally managing authentication states.

  For example, in Japanese Patent Laid-Open No. 2002-7937, an authentication mediation server similar to the above-described authentication status management server is provided so that personal information, ID / password, etc. can be centrally managed so that a plurality of services can be easily provided. An authentication mediation system is introduced.

  Further, for example, JP 2002-335239 A introduces the concept of an authentication token instead of providing an authentication state management server that centrally manages authentication states, and the authentication server that receives the authentication token A single sign-on authentication method is introduced in which an authentication server is queried to verify the validity of an authentication token.

  In addition, as related to the single sign-on function, in Japanese Patent Laid-Open No. 2003-316742, a user registers in advance a combination of a transmission source and a transmission destination and identification information to be added as a user identification information transmission policy, An anonymous communication method having a single sign-on function is introduced in which additional identification information is appropriately replaced with reference to a user identification information transmission policy during packet relay.

Japanese Patent Laid-Open No. 2002-7937 JP 2002-335239 A JP 2003-316742 A

  However, in cases where members belonging to other organizations that have a trust / collaboration relationship are allowed to use resources on the network, a unified database across the network will be established from the viewpoint of protecting personal information. There are many cases where this is not possible.

  Further, assuming that it is possible to provide the above-mentioned centralized database, even if the application of the technique described in Japanese Patent Laid-Open No. 2002-7937 is considered, a fictitious ID is generated and login is attempted. It is limited to the case where the authentication mediation server can be accepted. Therefore, the technology described in the above-mentioned Japanese Patent Application Laid-Open No. 2002-7937 is not suitable when the trust / cooperation relationship has already been established among the member groups and therefore it is desired to approve resource sharing.

  In addition, it is possible to adopt a method such as JP 2002-335239 which does not require a centralized database. However, in this method, information necessary for authentication is constantly transmitted and received, and from the viewpoint of security. Then, encryption processing is required (see FIG. 6 of the same publication). Furthermore, when anonymizing the subject of a request such as job execution, the second authentication server that received the request must be a mechanism that inquires the authentication status to the first authentication server that issued the authentication token. Therefore, the anonymity of the subject of the request (viewed from the second authentication server side) cannot be ensured. In short, with the technique of the publication, it becomes difficult to anonymize requests such as job execution.

  Moreover, in practice, when a member of another organization with which a trust / collaboration relationship has been established is permitted to use the resource, it is sufficient if it is supported by the authentication server of the organization to which the member belongs. In each case, additional authentication processing in the network is unnecessary, and there are many cases in which it is not desired to send personal information to other authentication servers. Therefore, it is conceivable to adopt an anonymous communication method such as that disclosed in Japanese Patent Application Laid-Open No. 2003-316742, and to use the user identification information properly by the server and to permit the use of resources in principle. However, as in the same publication, when the user identification information is replaced at the packet level, there is a problem that it becomes difficult for the request receiving side to confirm the legitimacy of the transmission source.

  The present invention has been made in consideration of the above-mentioned circumstances, and the object of the present invention is to use the above-mentioned centralized database, authentication state management server, etc. An object of the present invention is to provide an authentication exchange system, a server for the authentication, and a request relay method for performing authentication and executing a request without flowing personal information between networks in a working relationship.

  According to the first aspect of the present invention that provides means for solving the above-described problem, when a normal authentication process is performed in one network between networks in a trust / cooperation relationship, a request is issued. The server device on the receiving side adds the user attribute information to the request (the site, network, job title, authority, etc. to which the user belongs, as long as it can be used for access restriction on the receiving side) The request (request for the computer exemplified by job submission / deletion / change, file transmission / deletion / transfer, database management, etc.) is transferred, and the server device on the receiving side is based on the attribute information of the user, An authentication exchange system is provided that enforces access restrictions. In this authentication exchange system, first, a process in which a user terminal belonging to one network transmits a request together with user-specific authentication information to the first server is performed, and then the first server User attribute information in a request from a user whose validity of the user-specific authentication information is confirmed with respect to the second server managing the host computer after confirming the validity of the received user-specific authentication information Is added and transferred. Further, a request relay method is performed in which the second server performs a process of processing a request such as submitting a job for the designated computer based on the attribute information of the user.

  The authentication exchange system also includes a request mediation server or authentication exchange server provided on the request transmission side, a request reception server or authentication exchange server provided on the request reception side, a user terminal of each network, a request It consists of a computer that executes According to the second aspect of the present invention, these request mediation server, request reception server, and authentication exchange server are provided.

  According to the present invention, a user who has been authenticated by one network can easily use resources based on a prior trust relationship without flowing personal information to the network. Furthermore, when a large number of networks having a trust / cooperation relationship are connected to each other, it is possible to obtain the same convenience as single sign-on.

  Next, the best mode for carrying out the present invention will be described. According to a preferred embodiment of the present invention, means for receiving a request from a user terminal, means for confirming the validity of user-specific authentication information received together with the request, and a request from a user whose validity has been confirmed Means for converting the part representing the source of the message and transferring it to the target authentication exchange server; means for receiving a request from another authentication exchange server; and processing the received request based on predetermined control information And an authentication exchange system formed by connecting a plurality of authentication exchange servers each having a means for performing the same (see FIG. 3).

  The request includes at least user identification information, computer designation, and request content, and the control information associates authentication exchange server identification information with corresponding user terminal authority information. The user identification information has a hierarchical structure with a predetermined delimiter in between, and the upper part is network identification information.

  When accessing a resource of another network from an arbitrary user terminal, authentication information and a request (R1 in FIG. 2) are transmitted to the authentication exchange server of the network to which the user terminal belongs. The request at this point includes the user identification information as it is (see R1 in FIG. 2; site1-0001).

  Next, the authentication exchange server on the user terminal side confirms the validity of the received authentication information by a desired means. When the legitimacy of the user is confirmed, the authentication exchange server deletes the part after the delimiter “-” from the user identification information part of the request, and sends it to the authentication exchange server of the network that is the purpose of the request. ,Forward. Therefore, in the request at this point, the part that can uniquely identify the user is deleted, and only the request transmission source network that is the attribute of the user can be identified (see R2 in FIG. 2; site1). .

  Upon receiving the request, the authentication exchange server of the network that is the purpose of the request refers to the control information and confirms that the request is within the authority range from the network having the trust relationship, and sends the request to the resource. Authorize access.

  As described above, in the authentication exchange system of the present embodiment, only the request content is relayed, and the authentication and the execution of the request are separated and performed separately. Therefore, it is not necessary to register personal information at each request destination, or to prepare an authentication status management server and perform integrated authority management, and share resources while protecting privacy with a simple configuration. Can be accepted.

  Next, a first embodiment of the present invention will be described in detail with reference to the drawings. FIG. 1 is a diagram showing the overall configuration of an inter-site authentication exchange system according to a first embodiment of the present invention. Referring to FIG. 1, the authentication exchange system includes a site 1 including a user terminal 10, an authentication exchange server 11, and an authentication server 12, an authentication exchange server 21, an authentication server 22, a host 31, and a host 32. It is composed of a site 1 and a site 2 having a trust relationship. Further, the site 1 and the site 2 are connected via an inter-site network 4.

  The user terminal 10 is a personal computer, a mobile terminal or the like of the user at the site 1. In FIG. 1, only the user terminal 10 is displayed for convenience of explanation.

  The authentication exchange servers 11 and 21 are server devices that receive a request from the user terminal 10, process user information included in the request, and relay it. The operation will be described in detail later.

  The authentication server 12 of the site 1 is a server device that stores and holds authentication information such as personal information of users belonging to the site 1 and performs a user authentication procedure in response to a request from the authentication exchange server 11. Further, in addition to the function of the authentication server 12, the authentication server 22 of the site 2 stores and holds host control information indicating access authority to the host of each site, and based on this, requests from the authentication exchange server 21 are stored. Accordingly, the server device has a function of providing control information.

  The hosts 31 and 32 are host computers to which jobs are submitted from the authentication exchange server 21.

  Next, the operation of this embodiment will be described in detail by giving an example in which a user AAA having a user ID “site1-0001” submits a job to the host 31 in the site 2 using the user terminal 10. Note that the user AAA has already been authenticated by the authentication server 12 of the site 1 and includes personal information (personal information), a signature of the authentication server 12, and the like. It is assumed that an electronic certificate equivalent to 509 has been issued.

  FIG. 2 is a diagram for explaining the operation of this embodiment. First, the user terminal 10 belonging to the site 1 inputs (transmits) the electronic certificate prepared in advance and the request R1 to the authentication exchange server 11 of the site 1 (step S1). As shown in FIG. 2, the request includes, for example, a user ID, a target host, and request contents.

  Subsequently, when the authentication exchange server 11 of the site 1 receives the request and the electronic certificate from the user terminal 10, the authentication exchange server 11 accesses the authentication server 12 of the site 1 and transmits an inquiry message CFM1 including the electronic certificate. It is inquired whether AAA is a user who has been authenticated at the site 1 (step S2).

  The authentication server 12 at the site 1 checks the message CFM1 received from the authentication exchange server 11, and transmits ANS1 to the authentication exchange server 11 as a result (step S3).

  If ANS1 is a positive response as a result of the inquiry, the authentication exchange server 11 generates a request R2 in which the user ID of the request R1 is changed to the site name site1 (site1), Relay to the authentication exchange server 21 of the site 2 to which the designated host 31 belongs (step S4). At this time, an electronic certificate is not attached to the request R2.

  Upon receiving the request R2 from the authentication exchange server 11, the authentication exchange server 21 of the site 2 accesses the authentication server 22 of the site 2 and transmits an inquiry message CFM2, and the authenticated user of the site 1 executes a job on the host 31. Whether it is possible is introduced (step S5).

  Upon receiving the inquiry message CFM2 from the authentication exchange server 21, the authentication server 22 of the site 2 refers to the host control information set and held in advance (only the host 31 is permitted for the site 1), and responds to the message CFM2 ANS2 Is returned (step S6). At this time, since the personal information of the user AAA including the electronic certificate is not transmitted from the site 1 to the site 2 side (authentication exchange server 21, authentication server 22, etc.), the authentication server 22 makes a request from the site 1 And whether or not the job requested by the designated host is being executed.

  When ANS2 is a positive answer as a result of the inquiry, the authentication exchange server 21 generates an anonymous request R3 in which the user ID part (site 1 (site1)) of the request R2 is anonymous, Input (send) to the host 31 (step S7).

  The request input in the host 31 is executed as a job having an anonymous ID (step S8).

  Further, according to the host control information stored and held in the authentication server 22 described above, only the host 31 is permitted for the site 1. Therefore, when the request R1 specifying other than the host 31 is transmitted from the user terminal 10, a positive answer is transmitted in step S3, and the request R2 is generated in the authentication exchange server 11 to authenticate the site 2. Although it will be relayed to the exchange server 21, since a negative answer is transmitted from the authentication server 22 in step S6, the request R3 is not entered.

  As described above, according to the present invention, a user who has been authenticated at a certain site can execute a job on a host at another site without going through a special authentication procedure, using the proof of its reliability. Become. In addition, it is possible to confirm the fact that the user who requested job execution is authenticated at the site to which the user belongs (the fact that the user is a reliable site) on the host side of another site.

  The case where the request is transmitted from the site 1 side to the site 2 side has been described with reference to FIGS. 1 and 2 above. However, the authentication server 12 in FIG. Similarly, a request can be transmitted from the site 2 side to the host on the site 1 side.

  Next, a second embodiment of the present invention will be described in detail with reference to the drawings. Since the configuration of each site such as the authentication exchange server and the authentication server is the same as that of the first embodiment, the description thereof will be omitted.

  FIG. 3 is a diagram for explaining a second embodiment of the present invention. Referring to FIG. 3, the authentication exchange system according to the second embodiment of the present invention is composed of four sites 1, 2, 3, 4 equivalent to the sites 1, 2 in the first embodiment described above. ing. The sites 1, 2, 3, and 4 hold host control information 101, 201, 301, and 401 that are determined according to the trust relationship between the sites.

  When comparing with the host control information 101, 201, 301, 401 in FIG. 3, the user of the site 1 is set to be able to submit jobs to all the hosts of the other sites 2, 3, 4 . In addition, the users of the site 2 and the site 4 are set to be able to submit jobs to all the hosts of the mutual sites, but the site 3 can submit jobs only to the host 3A (not shown). It is set like this. Further, the user of the site 3 is set so that the job can be submitted only to a part of the hosts of the sites 1, 2, and 4. These are defined by the trust / cooperation between the sites 1, 2, 3, and 4.

As is clear from the description of the first embodiment described above, even when there are a plurality of sites, it is possible to execute a job by using an authentication server and an authentication exchange server while keeping the user ID secret. For example, a user at site 1 can execute a job for a host at a plurality of sites only by being authenticated (signed on) by the authentication exchange server at his site 1.
That is, a user belonging to any one of sites 1, 2, 3, and 4 does not need to sign on to another site, and can execute a job with single sign-on.

  On the other hand, jobs submitted to the hosts of sites 1, 2, 3, and 4 by users of site 5 (not shown in any of sites 1, 2, 3, and 4) Since the negative answer is made by the authentication server, it is reliably prevented.

  In each of the above-described embodiments of the present invention, for convenience of explanation, a case where resources are shared between sites having a host is illustrated. However, other resources may be used between arbitrary groups such as a local area network. It is possible to apply the same in the case of sharing.

  Further, in each of the embodiments of the present invention described above, only the request mediation server specialized in accepting the request R1 from the user terminal 10 and transferring it to the authentication exchange server, assuming that the authentication exchange server is arranged at each site. Or a configuration including a site including only a request receiving server specialized for receiving the request R2 from the authentication exchange server and transferring it to the host.

  Further, instead of making an inquiry to the authentication server, the authentication exchange server may perform user authentication processing through interaction with the user terminal or the like.

1 is a diagram illustrating an overall configuration of an inter-site authentication exchange system according to a first embodiment of the present invention. It is a figure for demonstrating operation | movement of the site authentication exchange system which concerns on 1st Example of this invention. It is a figure showing schematic structure of the authentication exchange system between sites concerning the 2nd example of the present invention.

Explanation of symbols

4 Inter-site network 10 User terminal 11, 21 Authentication exchange server 12, 22 Authentication server 31, 32 Host 101, 201, 301, 401 Host control information

Claims (11)

A request mediation server connected to a request reception server that confirms the validity of a request based on user attribute information and performs reception processing.
Means for receiving a request together with user-specific authentication information from a user terminal;
Means for confirming the validity of the received user-specific authentication information;
Means for adding user attribute information to a request from a user whose validity of the user-specific authentication information is confirmed;
Means for transferring the request to the request reception server,
A request mediation server characterized by In the request mediation server according to claim 1,
Means for adding user attribute information to a request from a user whose validity of the user-specific authentication information has been confirmed,
If the request includes user identification information, replacing the user identification information with user attribute information;
A request mediation server characterized by A request reception server that receives a request with user attribute information added thereto,
Means for holding control information associating the attribute information and authority information of the user;
Means for determining the validity of the received request based on the control information;
Means for accepting and processing a request for which the validity has been confirmed,
A request reception server characterized by The request reception server according to claim 3, further comprising:
Deleting the user attribute information included in the request and providing means for converting to an anonymous request;
A request reception server characterized by Means for receiving a request together with user-specific authentication information from a user terminal;
Means for confirming the validity of the received user-specific authentication information;
The request from the user whose validity of the user-specific authentication information is confirmed is added with the user attribute information, and the request is sent to another authentication exchange server or the request reception server according to claim 3 or 4. A means of transferring
Means for receiving a request to which attribute information of a user is added from another authentication exchange server or the request mediation server according to claim 1 or 2;
Means for holding control information associating the attribute information and authority information of the user;
Means for determining the validity of the received request based on the control information;
Means for accepting and processing a request for which the validity has been confirmed,
An authentication exchange server characterized by The authentication exchange server according to claim 5, further comprising:
Means for adding user attribute information to a request from a user whose validity of the user-specific authentication information has been confirmed,
If the request includes user identification information, replacing the user identification information with user attribute information;
An authentication exchange server characterized by The authentication exchange server according to claim 5 or 6, further comprising:
Deleting the user attribute information included in the request and providing means for converting to an anonymous request;
An authentication exchange server characterized by The request mediation server according to claim 1 or 2, or the authentication exchange server according to any one of claims 5 to 7,
The request reception server according to claim 3 or 4, or the authentication exchange server according to any one of claims 5 to 7,
Connected to a computer that can accept requests,
An authentication exchange system characterized by A request relay method using the authentication result in one network,
A step in which a user terminal belonging to one network transmits a request to the first server together with user-specific authentication information;
The first server confirming the validity of the received user-specific authentication information;
The first server adding user attribute information to a request from a user whose validity of the user-specific authentication information is confirmed;
The first server transferring a request with the user attribute information added to a second server of the request destination;
The second server determines the legitimacy of the received request based on the control information that associates the attribute information and authority information of the user;
The second server processing the validated request; and
A request relay method characterized by The request relay method according to claim 9, further comprising:
In place of the step in which the first server adds user attribute information to a request from a user whose validity of the user-specific authentication information has been confirmed,
The first server includes a step of replacing user identification information included in a request from a user whose validity of the user-specific authentication information is confirmed with user attribute information;
A request relay method characterized by The request relay method according to claim 9 or 10, further comprising:
The second server includes deleting the user attribute information included in the request and converting it to an anonymous request;
A request relay method characterized by

Images